Security First

Your privacy and security are at the core of everything we do. That’s why we chose a padlock as our logo. We’ve built Auth-Email from the ground up with a zero-knowledge architecture to keep your email safe.

Secure by Design

Encryption Everywhere

All connections are encrypted using industry-standard TLS:

  • Web dashboard – We only allow secure HTTPS connections
  • IMAP / POP3 / SMTP – All email connections are encrypted using TLS
  • OAuth configuration – All OAuth API communications with email providers are secured via TLS

Your data is never transmitted in plain text.

Zero-Knowledge Storage

Your OAuth account credentials are protected at all times:

  • Client-side encryption – Tokens are encrypted using your password
  • No key storage – We do not store your encryption password. Only you have the decryption key
  • Automatic protection – Authorization tokens are handled transparently via IMAP / POP3 / SMTP

It is impossible for us to access your account data.

Minimal Logging

We believe in collecting only what’s absolutely necessary to provide our service:

  • No email content – Never logged, stored, or accessed
  • No message metadata – No subjects, recipients, or details
  • Status only – Just login success / failure status for abuse prevention

Your email activity remains completely private.

Data Protection

Server Location

We chose Germany as the location for our infrastructure because it has some of the strongest privacy and data protection laws in the world. Our servers are subject to strict European regulations designed to protect your personal data.

GDPR Compliant

We are fully compliant with the European General Data Protection Regulation (GDPR), giving you control over your personal data. For more details, see our Privacy Policy.

Additional Security Measures

Passwordless Login

Link-based authentication eliminates password-related risks. Secure, time-limited tokens expire after 10 minutes.

Infrastructure Security

Regular software updates and patches, multi-layer firewall protection, strict access controls, and security audits.

Data Minimization

We only collect and store the minimum data necessary to provide our services. Less data means less risk.

Responsible Disclosure

We welcome security researchers to help us keep Auth-Email secure. If you believe you have discovered an issue, please contact us immediately:

[email protected]

We respond promptly, work collaboratively to resolve issues, and do not pursue legal action against researchers acting in good faith.

Your Security Checklist

Security is a shared responsibility. Here’s what you can do:

  • Enable two-factor authentication – Add an extra layer of protection to your Auth-Email account
  • Use strong passwords - Choose unique, unguessable passwords when linking your accounts
  • Review connected accounts - Periodically check which email accounts are linked to Auth-Email, and remove any that are no longer needed

Questions about our security practices?

We’re happy to answer any questions you have about how we protect your data.

Ask us a question